20K WordPress Sites Exposed by Insecure Plugin REST-API

The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.
Threatpost

Categories	Security
Tags	Exposed, Insecure, plugin, RESTAPI, sites, WordPress